A sneaky new phishing attack attempts to manipulate victims into entering their username and password by claiming their account will be deleted if they don’t – and it uses a countdown timer to pile on the pressure.
Detailed by cybersecurity researchers at Cofense, this phishing attack begins with a message which claims to warn the recipient that an attempt to login to their account from a location they haven’t used before has been blocked – and that they should click a link to verify their email address.
This kind of fear tactic is common in phishing attacks, as cyber criminals know that sending victims into a state of urgency means they’re more likely to follow instructions, particularly if they’ve been told something is wrong with their account.
What sets this attack apart from others is that it appears to borrow a tactic from ransomware gangs – displaying a countdown clock on the phishing site. The timer ticks down from an hour, claiming the user must enter their username and password to ‘validate’ their account before the countdown clock hits zero, otherwise their account – and even those of others – will be deleted.
SEE: A security researcher easily found my passwords and more: How my digital footprints left me surprisingly over-exposed
This isn’t a real warning and even if the countdown timer reaches zero, nothing will be deleted – but the tactic is designed to make the victim panic and follow the instructions. It’s similar to a technique used by ransomware groups.
If the user targeted by the phishing email enters their login credentials, it either claims they’ve used the wrong password or it says the login details are accepted, before redirecting them back to their company home page. In either cases, the result is the same – the attacker steals the username and password.
There’s several ways attackers could abuse legitimate login credentials. They could use them to access the network themselves to steal data, help gain access to other accounts or even plant ransomware or other malware. Alternatively, they could sell the stolen passwords to other cyber criminals to use in their own illicit campaigns.
Phishing attacks are one of the most common methods cyber criminals use to steal usernames and passwords. Using multi-factor authentication (MFA) can help protect accounts, because even if the attacker knows the correct login credentials, the need for extra verification prevents them from being able to access the account, as well as providing a warning that something could be wrong.
In the event of your password being stolen, it’s vital it’s quickly changed, preferably to something which is complex and difficult for a hacker to guess.
MORE ON CYBERSECURITY